Moe

GandCrab V5.2 Ransomware

Recommended Posts

I got a Ransomware that ruined all my data.

It’s called “GandCrab v5.2”

If anyone has a solution please let me know!

Share this post


Link to post
Share on other sites

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like one of our experts to review them.

Share this post


Link to post
Share on other sites
On 3/20/2019 at 12:51 AM, stapp said:

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like one of our experts to review them.

---=    GANDCRAB V5.2    =---

***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

Attention!

All your files, documents, photos, databases and other important files are encrypted and have the extension: .KLPBK        

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.


The server with your key is in a closed network TOR. You can get there by the following ways:

----------------------------------------------------------------------------------------

| 0. Download Tor browser - https://www.torproject.org/

| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser:   http://gandcrabmfe6mnef.onion/abd21ebfec78b836                        
| 4. Follow the instructions on this page

----------------------------------------------------------------------------------------                    
    

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.


ATTENTION!

IN ORDER TO PREVENT DATA DAMAGE:

* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

---BEGIN GANDCRAB KEY---
lAQAAGXbH6kDSPem30LffBclSW49n8xccmAo2dQPwB49N9YW3gUYyLk4XHtWhAxPIiN86d7NL2APgWMgB16Frkkjh/5SkUzMikfFZdLe69kcTqX+YkOLfP7kBM95kR9qO9Db52K23nyTJmfT4JngxrttPbKFzU7EGgpQGawG6Eddibxq13yytIJROnW+rKjPRWn+g0l85acfMhZ9TWG51AlXQwDWh3udnXlRNeyBjfnUnnHtGdk8ci+q3ML+EXnp9uXgT8lbZlBHuqYWcz+/EhUL4jN60+Zdvty8wIqMNP51VrKO4fOnIYCcqeSPveOuPCLED3BXn818AxxpcAKuzGcwJNnG7Fd8LSAkuvObkQUGpb3Lvl2ZlgQ2G/oSBeblolcvGBBEp2aGHxML8HIaaRgl+rGZaLjHEubdPXvfyz2/iCIVxTRorydFgiaFdWuTx0fr1GLsgZS4lACLv6k++OzMZAmBuuvXXTuzY+LdMlxoKnCipuHMYzRjsZTN0M95St2turjHb+whUnYYVzwDRaSUSKiXLgxW8XZ2zZHgd0EWAs625/9xe1vx9X4V7UYqFp7v4V39heISmmPGsznQDzgbiD2TkWsCcqkg7vQBNNVbWpA94k3WD68CSsV5MOyYwJR4Fgkkp7LWwuO4Ga5L0daAZqlE1iIOGo0J9wCIVdn3I3vC9Q41bbrouXmSRR8HklmU+sh/qj1RST7n76ACvAQErAksyvnc8QBPSvzmVOaO3X12a4c8CdY/OALmS2G6RSzTe+S/s/3Lf4fErEFXORp0m+C6oeGcYw6g25SlhYnGNfSfmnLlDQDuHCCfL1lxMeKcU72UVvJGmP3s4yDs3xgUrAfEuZnASeRHlHt+ZsuSs5WP1F7nU0R8/Y2y5iZ9x9vNLGnh7X4avNN9+BziFDHtCBP0xjNLEUrJ8fZJkWQzP9gUMMEOQ/pRyCu1vYF4QfYzjgcl2Mm5l+o1maGb+ePC20Z4P4/y45e8hO4j25TKrWKowPQXb9xublgVtmcy0k2VIMSkPCfTUPjmslQqaNZcTCoFI9Ai+Jb8W6J6ByWCPwrLNdz/0J8rHIz2f6FtSziiH0ocU6ppUzl4Ut41xsaaSTfKjcmFhebpiUoDnb+fWHU36i/8sMFyKTLwdbvxbeq4qfVocucHZRglqH1xBdanvFHcAjqa9BeGjxwNib2Lb+CJ02t4qA0/AYXUZY48AJx5viSes5eqzPuWUVNb4TiArFprDUA7nJFCHv1jh6yfhz7+Kv2owdcjt90iNEsv8iR1VdAhQ0n+VS8ff/rVrLryrg0UYI704UwTbK42dGlbW/DiP5kb7XhYpi63m1+dZdexyyG7iocCvqEaOakQrqXzmPTZuXs2ds2dz9zXOzIYodtdf/BAqJFLd6ScfznJjQPp7l0QnUt1PMCBEfxUA5f/zqebrmX2+lnBO/ttbpmvVq8QWYL0AVYbDNiUVSwHpYQyGq1ASTERAqAs7x1aNAZpA71OgRSKsGtU6JY6g8/PtwHVhuC+Im1rZn1LIbFlzIRW2FlwIlaBDB2wM9MUGL9ld3RFMJKgrlhArCTVq7V1nInBJ0iuSN8wuUEMuexKYfzdEIw46I1XjHYnjX8+1VpMuN7qiuH0lp9h8+ifDZDD+QKnEzMXpeeyBe8dogg0hMxh+7Sy1fJP4TciCamHWmItk0cujhpB83v9vKh937YdPRANwxIkIrjRGJ7CRuVLptt7pxF3pzZ6kjbq5CAS4YDJtW7W3AdzUEbp/aVGb2I0mmecKPUMQfTroUl1VURqpRakaKON1KiuzwdReDlSHBz44z4q+Fk7cJ61rCswqYJ+27ZL4WpXDK18xEjt1/StAUwN1QqTeCLeZS1Q0Nznc+UakHT94LsKxqA666wmAifSkNEEikPvtUf5PjNVtCPRZXa3iZ7zaq2ZJrvZLTKWZ3Mm5BOl1+jmN8yR2OCZyadj8cdOnC+kPElyJ8fv9QztKiWkJ96bqR8ea1Y1nOGpyiB4v1kNWKD92HhOl6uW9oTmiw2c1H8Jr/romdR9tw+SRR+juZb2WWuGT89eersue/Rsi0gEBkZNze35JIrN02w0gdYQWJHzv665uAE4pGqVlXSRacYdUXsgDRyTFGwAvLxS8goVIgxSD1nLhrH1rZ/cR/2Ta+xXEMLaBxGjEwd+CzOOEYgZmOirg+Pl4tf8yM8UpGnIVDb/A0eTVOXjagU6jTWo1CLruWxeDebv7+TzPk0XU2Tto6o=
---END GANDCRAB KEY---

---BEGIN PC DATA---
7ftDEgLb/ZS0lcmZbHM61IfJ7QOtD78Kkg6FbsUgAHZIWKUC+Z+mYFRxCmDT9PnJQZDcAuWVqODJRWfIVXQxQ2qarrPFzrgSG+ggarGXo6bcGPMpY0uHIkmg28QUqhTsgkgYXVpiDcFwiXH/glKVWoVHKCPZMpv74CZ2O8Q3zWax0KIRC/ovEtvBmdlSspmHNvUFIKl0WYNaAyw0SK6bDLlF3yPqB5gmabF+Z/XMGd3sgD725J3/UwB7w9xEWL0y74Xq53tHRnKHMIOBjFCwejeo91rwnMmZ9V9XSUzO7jBnmNH794C1GB4pWqjhRWUVJfeP0wtSVyCbtPmJItBQBktq98ZqR+23YLGemYCRjkeBP4zyrvMzLOHjCqPlrwBW5+Z0T0PJ2fajL2507PfbSz+z8KAgoUXF153sPEWxlygtudnoNloN6iuVyOmhqBtvZbwHrtsypi8B1eWlXDmR7qt4AOwxgTuwM0zab5ofsdxMLRyjorikwCXimDOqKIig6I2eWKb+5gkUvC2ijoFZEvtEtyM/AN/hw9QKIE/1UUGYyeGMb50I1go//OQae24E2nSYCv7rHtdCPDyVUMpALtsbggn3cCqV+rDBEcusFrTTnIeaaUIkb5s07lHBc3bS06JWDEnFloGmqF5w3kbTxJTG6XVKm7bKf/MSEpOdIJiGzm9fNbo27zM29l/RdDF8ppKgQFhjql15yp7wuFyMuqFBZQ57yRpuOMZ3GBtsSeAYuyfqIKfPaulMzXV9DRoYcMT9LavUnX+BaPkeZd3biFR7RtqlfCo9593RxL9J8epThax2WUlWztskPMKoe/6YdT1bwIPWpDmaJJqnsOeoK3Xv+iclnLFSi0DUuMd2M0uYY4Km47C0pFZ1OaMKoZsIZVHISiqlms5ftKRU8PfskI1YPn0xo5sbSo8qcmk94gv2B9e2JTgCeDuc95M5VQGaFc1yTXsDY5etArRbQqj6mbSgYCXWY1yJo7EuNKt08If5PrP9g2eEaXq+KjRBJ+oLlgs7T8mZgp7LWjDCYTklcEtOsLx96b9wyKeV7c/dTZNqg6hmYoDtQJp1+3xSHbAON9T8n4gZlFZ77db6f+2UVr183/7Mov1kCetd1Wun1hl0ptL4AlcqMnTg98awP4/+auhST90BMHigYFhk3G1JaGPFBYvqIClTIZ9K8F9vaiYq2+JqbqooQo8fcxPEuhE5k1g9Yea8Xd27DPndBiGeYGc/TRAAlxSGvNVSgw==
---END PC DATA---

Share this post


Link to post
Share on other sites

There are currently no free decryption tools that can decrypt files that have been encrypted by GandCrab version 5.2. BitDefender has a decrypter that works with some older versions, and once they are able to get their hands on the private keys for v5.2 as well then I'm sure they will update their decrypter to support it. You can find more information at the following link:
https://labs.bitdefender.com/2018/10/gandcrab-ransomware-decryption-tool-available-for-free/

Share this post


Link to post
Share on other sites

Hi,
I just got hit with the same ransomeware

I have got rid of the ramsomware software but all my files have been encrypted to .zajormc

Cheers
Max

Share this post


Link to post
Share on other sites
1 hour ago, MaxR said:

Hi,
I just got hit with the same ransomeware

I have got rid of the ramsomware software but all my files have been encrypted to .zajormc

Cheers
Max

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like one of our experts to review them.

Share this post


Link to post
Share on other sites

---=    GANDCRAB V5.2    =---

***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED***********************

    *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS*****

Attention!

All your files, documents, photos, databases and other important files are encrypted and have the extension: .ZAJORMC      

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.


The server with your key is in a closed network TOR. You can get there by the following ways:

----------------------------------------------------------------------------------------

| 0. Download Tor browser - https://www.torproject.org/

| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser:   http://gandcrabmfe6mnef.onion/60059a29fcee1630  
| 4. Follow the instructions on this page

----------------------------------------------------------------------------------------                    
    

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.


ATTENTION!

IN ORDER TO PREVENT DATA DAMAGE:

* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

---BEGIN GANDCRAB KEY---
lAQAAEDKZ6aFCQKULVST55w/+wYdc1Uuv4HcildGGITP1CLd1jN3c0ExhbX3UpNwRkQ+qZttn7yz0dKzW/xrelRnGpR28Pvl1i/SuhLhETBpnFhfki5odx1v6iyN//F9Pb+2OHRKgc2r3O7TMekQnQWYnW9MY/nKsytvWGX2kP8a7m9jYB+0+HNMiLeXnKhxUFotdHIszfN6LW83lLjGxP3GUqMHOfqGDicNSD5CyBahJf26xzm+2IcAGRsyvV2v71EByJIdr/mqNej+fP9at8b1bumINM8jsdSR4+M5L0lENTed3bEDixcxF/4BROKVIrDh0a7iL86qdmGDCgzNMPhdZ8X/JaN3Yr0AEghhytTUkYwB1vuHnO/NkFFFITHTA5sbT4o0kTaXveKVVWnPzoW2oUJeNjxs71yOqq12MRrQYnaX662aTFYZuRjUevedn1beB3uLTXmCo32ZBhChRuwWnvQ4wwg25Dlw0M3TfzDECUesB2oE92aMihkuWTnC371njZXKaNThp6eLvAyo0Cjze0TXXKDWODMiTd+OkFKvRuz9QpH20Z+nknbm4gpxKt1tFDvxXEBFLCA1zRgd0KBK0Y9KeVbRwes+kSvrbT4D6ptsgXTthv5qv2AnMuThuZWtG0ux+impgaonLQYng2oH5HGqKuAUiHD7pjnXbAbL8L1z1/AViM4FeGPeTNnCzXn6qfgHJCNFhHNu8P9cvLVGCmG6oWk/VwM4qWjZiYSdM2KNwQov12OOxV4Jeka6LUI6nsaGFm8CwDRST5j4dBOuZstGqViyhCDN6Px4X6OdbZlkogCkERgMgvcYmOTwH7SQ+9m7uHEFmVvFpt3H/7AUCf2BhcqEgJ/MgzgxyWkVohyR7WY6Ikkel4GGOVCD9uPraPuAeTDWSoVd8p9rTsR0JkoAEHtH+uDWWVh2I2JOgD5iuzQHKco1nSiV8RarKUcWSXGwhC+sfk9fGEr+NovVQnC2RJ/h9fWzJwCprSn2Y+pCjGjCkBmwUL+ZFv8Syrp1YIu1tlj52J+g02ZtncJlDqUPscoSfXLqPMrHjLxYKGi9l7/8GKPfvyfe80e6WLxBNqa81PvcXYnBuYFbIL8VxOzneslJT7cRv9ZG5ad+mDwhrnrtY6WllWKOwbIbKPFsgr1bpTPmvVoQqTAaBKfKsvmOgmW6wvkD8ihCP9zP/uo58z4BwkRS9f6niYV6Vmn3Ih/m+ziGVFxN8dU57yfFm8mmLVWO3Lcou/V82lYm5CcPujW1kBjWXMN98nNLQfD5Keql8ygk0Pu4NKSj5tn+kaIfNYzsrMCeusfyBqKAMqvpErQ766BPyhl+VQ7ZFMEXS39D6/HRiXaM/5RjaGZUqZo4V0/t3UksQVaWFhhBJ3SbbUmyEK4JrJsHer+CGfAuT/MMxYOQsEMMGrFGB2dW29xyNDwhcCf+wzpMds5Y+QDEOexRoXEoKi/AkX2khBRwwSn9ij5RHiQrwjpCm6wt9QS0WyrRbQe0DDAEzgQNosXIkJHSft8mgsx0+zwzC7+wiHnrkhDFPKN8MnmVu9PENH/DgjM7y03vKqm4yECWt40Gy2B6I5lGXmRwTBPeQQyXFWHq1yU+Bbs6gQEayzrP5XnvcYekMw4URJNPqJn3j8SLT4gGGW5BEci5zRt9Z0kPKeVJFb4JCrvB1TojYfgUo+D9bY6sXOq3M5aQb3ZY0XDp2jvLlABThwSWlXw5Fi+gtTzdBvq2vBZmrXyUKlq/sMm4nS/L3FrMShqc5wa4eeL8EUwIazNYuTOG7qz4tEujqr0XwqDPPT3VwOvrcGvBtmjEagWGNlEIiQ2Ama5JBkehzu98CPrj+YVAWjpaK3en93PiylC8J37KD5rlIpir/nUYtyo+50zXtCYH480dCX6tuZgkmYqbdSYnbAFMhgqNvHeQrcvioEp+o9mFoWJOtDWHJhU3TQEPX+DLukr/hyVwnCRRBFw9p+FgwTr18FMgHyXS9ptxW6KhILmdpenTJJmQhQiVowDprQUbTYqjXATaxPDNiRk5Deql/bjyJhOst0u6KcdKNOVtAxWKO2b3DZzBHx5OZcRN9iagsXMQQF7rQRtXSx8HwLrDPOJ/MKIx/YYQi+9t0oMeijSQbPhJB1LdP5vUf3pJjZ8Gap4lbGkFICt7I/SzgbpNBYFMdabF/TBLsWVcsas/NvaBG3m38ElYD/VP51MzB+q1sCIYEe7DS8Zqsa24eCHNG8UbWJOyBRf3QD0=
---END GANDCRAB KEY---

---BEGIN PC DATA---
7ftDEgLb/ZS0lcmZbHM61KzJ7QO4D/YKhA7PboMgUXZIWKUC+Z+mYFRxCmDT9PnJQZDeAuGVtuDLRX/IQ3Q3Q3WasrOkzr0SC+hpauaXxaadGPEpb0utIl6glMQsqi7soEhuXUpiEMFtiW//lVLhWrpHHiPWMtH78SZ7O/w3nGa10KIRQfpHEu3B0dkPsruHPPVIILx0Q4NnA3o0Ha7EDLRFkSOFB9MmZ7FnZ8XMBt2wgAP24p3jU1l7+9xaWKAyq4W05zxHFXLiMNyByFD1egCo6Vr2nMWZ9F9CSRjO6DBnmOv7s4CzGBkpOKj7RToVZfeU0wFSACDBtKyJP9BcBnpq7cZhR723XrGVmYCRgUeGP9ny/PNgLL3jCKPgrwFW4+YvTxXJiva0LzB0u/ePSySz26B+oWfFo533PDqxlSg7ubDoQVp+6k2Vw+mgqBBvZLwArtoyoi8F1filXDmR7qt4GewxgTuwNkzZb5YfudxVLWmjqLjVwF7i7DOrKPag8Y3mWMz+mwlgvEGijIFbEvlEtSM5ANnhx9QTIEf1WEGYye6MZp0X1gg//eQSe2oE2HSYCufra9dIPEOVIMoqLrgbrwnMcCKV+rDJEcmsAbSQnMSaM0JMb8Y0slHEc2jS06JWDEbFhoHjqAlwmkaSxMnGsHUQm7vKZvN0EpudQJiuzlRfBLob7wM2qV/cdGZ8/5L5QAdj
---END PC DATA---

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.